Date: Thu, 16 Sep 2010 16:11:55 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE-identifier request for Dovecot ACL security bug

Please use CVE-2010-3304

Thanks.

-- 
    JB


----- "Henri Salo" <henri@...v.fi> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Can I get a CVE identifier for this issue?
> 
> "This release fixes a bug in ACL plugin, which could be considered a
> security bug: If Maildir is used with default settings (INBOX is same
> as Maildir root dir) and user set some ACLs to INBOX, those ACLs were
> copied to all newly created mailboxes. This should have been done only
> for "default ACLs", but with Maildir the INBOX directory is the same as
> the default ACL directory, so this mixup happened. This bug exists only
> in v1.2.x releases."
> 
> URL to announcement:
> http://www.dovecot.org/list/dovecot-news/2010-July/000163.html
> 
> Please note that this is a different issue than CVE-2010-0745
> 
> Best regards,
> Henri Salo
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> 
> iEYEARECAAYFAkySVTEACgkQXf6hBi6kbk9r9wCgs6z72LRTcywrsWIPtRiAR/R0
> fxcAoLQuYxA3NDFPsUiUhe7uTBm6c5xI
> =nWSw
> -----END PGP SIGNATURE-----
